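<?php
/*
 * Change-password page.
 *
 * The request is handled here, before any markup is written. session_start()
 * has to run before output begins; otherwise PHP cannot send the session
 * headers, and recent PHP versions refuse to start the session at all.
 * The HTML further down only prints the outcome computed in this block.
 *
 * NOTE(review): passwords are stored as unsalted MD5, which is fast to
 * brute-force. The format is kept here because the login and registration
 * code (not shown in this file) presumably compares the same MD5 values;
 * migrate all of them together to password_hash() / password_verify().
 *
 * NOTE(review): the form carries no CSRF token. Requiring the old password
 * limits what a forged request can do, but a per-session token is still
 * advisable for a state-changing form.
 */
session_start();

// isset() avoids an "undefined index" notice for visitors without a session.
$user = isset($_SESSION['username']) ? $_SESSION['username'] : null;

$message  = '';     // fixed HTML/text shown in place of the form
$showForm = false;  // true when the empty form should be rendered

if ($user) {
    if (isset($_POST['submit'])) {
        // Accept plain strings only: a field posted as an array
        // (oldpassword[]=x) would make md5() warn or throw.
        $oldInput    = (isset($_POST['oldpassword']) && is_string($_POST['oldpassword'])) ? $_POST['oldpassword'] : '';
        $newInput    = (isset($_POST['newpassword']) && is_string($_POST['newpassword'])) ? $_POST['newpassword'] : '';
        $repeatInput = (isset($_POST['repeatnewpassword']) && is_string($_POST['repeatnewpassword'])) ? $_POST['repeatnewpassword'] : '';

        try {
            // Make every mysqli failure throw, so one catch block covers
            // connect, prepare and execute on all PHP versions.
            mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

            // NOTE(review): database root credentials are hard-coded in a
            // web-served file. Load them from configuration kept outside the
            // web root, connect with an account limited to the users table,
            // and rotate this password, since it has been exposed in source.
            $db = new mysqli("localhost", "root", "pratt3284", "phplogin");

            // Prepared statement: the username is bound as data instead of
            // being spliced into the SQL text.
            $storedHash = null;
            $select = $db->prepare("SELECT password FROM users WHERE username = ?");
            $select->bind_param("s", $user);
            $select->execute();
            $select->bind_result($storedHash);
            $found = $select->fetch();   // true = row read, null = no such user
            $select->close();

            // Strict comparison: with ==, two hex digests that look like
            // numbers ("0e" followed by digits) compare as equal.
            $oldMatches = ($found === true)
                && is_string($storedHash)
                && md5($oldInput) === $storedHash;

            if (!$oldMatches) {
                $message = "Old password doesnt match!";
            } elseif ($newInput !== $repeatInput) {
                $message = "New passwords do not match!";
            } elseif ($newInput === '') {
                $message = "New password must not be empty!";
            } else {
                $newHash = md5($newInput);

                $update = $db->prepare("UPDATE users SET password = ? WHERE username = ?");
                $update->bind_param("ss", $newHash, $user);
                $update->execute();
                $update->close();

                // Reached only when the UPDATE succeeded. The session is
                // ended so the user has to log in with the new password.
                session_destroy();
                $message = "Your password has been changed.<a href='index.php'>Return to main</a><br><br><br><br><br><br><br><br>";
            }

            $db->close();
        } catch (mysqli_sql_exception $e) {
            // Details go to the server log; the visitor gets a generic message.
            error_log("changepassword.php: database error: " . $e->getMessage());
            $message = "Your password could not be changed. Please try again later.";
        }
    } else {
        $showForm = true;
    }
} else {
    $message = "You must be logged in to change your password!";
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="layout.css" />
<title>Change Password</title>
</head>

<body>
<div id="container">
<div id="logo"><img src="images/logo.png" alt="Logo" height="117" width="619" /></div>
<div id="nav">
<ul>
        <li><a href="index.php">Home</a></li>
        <li><a href="products.php">Products</a></li>
        <li><a href="contact.php">Contact Me</a></li>
</ul>
</div>
<div id="content">
<?php if ($showForm) { ?>
    <form action="changepassword.php" method="post">
        <p><label>Old password: <input type="password" name="oldpassword" autocomplete="current-password"></label></p>
        <p><label>New password: <input type="password" name="newpassword" autocomplete="new-password"></label><br>
        <label>Repeat new password: <input type="password" name="repeatnewpassword" autocomplete="new-password"></label></p>
        <p><input type="submit" name="submit" value="Change Password"></p>
    </form>
<?php
} else {
    // $message only ever holds one of the fixed strings assigned above,
    // never request data, so it is printed without escaping.
    echo $message;
}
?>
</div>
<p>
<a href="editaccount.php">Go Back</a>
</p>

<div id="footer"><i>Copyright &copy; 2012 E-commerce site</i><br />
<a href="mailto:npratt3284@gmail.com">npratt3284@gmail.com</a></div>

</div>

</body>
</html>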